Should I version control rel/config.exs

Hi,

I’m new in the forum, relatively new to elixir, and completely new to distillery and OTP releases, so sorry if I’m missing an obvious answer for this.

Using distillery I ran mix release.init to generate rel/config.exs. Apart from the configuration, that I would like to keep under version control, the file includes the BEAM cookie. I tryied to remove the cookie configuration as I don’t think I will need it, but then distillery complained:

==> Attention! You did not provide a cookie for the erlang distribution protocol in rel/config.exs
    For backwards compatibility, the release name will be used as a cookie, which is potentially a security risk!
    Please generate a secure cookie and use it with `set cookie: <cookie>` in rel/config.exs.
    This will be an error in a future release.

Should I keep this file out of version control or move the cookie somewhere else (another configuration file or environment variable)?

Thanks!

One approach is to use System.get_env to pull the cookie in the config, and source control the whole file. Another approach I use is to provide your own vm.args file which uses the REPLACE_OS_VARS feature to inject the cookie at runtime.

1 Like

Although I’m not sure I understand the 2nd suggestion, it seems that in both you keep the rel/config.exs under source control.
I will do the same and keep the cookie somewhere else.
Thanks for the answer!